I’ve got some security advice for both of my readers out there. This only applies to you if you browse on unsecured wifi networks like at a Starbucks, Panera, or if you steal your neighbor’s wifi. I’m not trying to be an alarmist or anything… but read on if you use public wifi.
Now i always sorta knew this in the back of my mind, but it never really quite sunk in until recently. Basically, it boils down to this. If you are surfing at a public wifi, all of the internet traffic coming off of your laptop or PDA (iPhone on Wifi for example) can be “sniffed” by anyone within the reach of your wifi radio. Now that last bit is the one that should get you.
Think about how far away you can be from your wireless router at home before you lose connection. Can you go 20ft? 50ft? 100ft? OK. Now if you use a directional wifi antenna, you can increase that to HUNDREDS of feet if not more. That means not only do you have to worry about the geeky looking teenager sitting in the sofa across from you at Starbucks, but you also have to worry about his geekier looking buddy who hasn’t seen daylight in about 3 months who built a homemade directional antenna and is watching you (through binoculars) from a rooftop a half mile away.
So now that you know they can get your signal, what information can they get from you? Well, pretty much anything can and will get picked up. That includes the address of the sites you’re going to and any information (especially logins) that is passed back and forth.
Now, you might think you’re safe if you check your bank info since the bank’s website is secure (you should see a padlock icon in your browser when accessing secure websites). However, if in that same session, you happened to check your email then those bad guys have access to your email. And if they have that, they can just go to your bank website and click on that neat “I forgot my password” link and guess what… The bank sends you a link to reset your password via email, which the bad guys now have access to.
OK, so now that I’ve successfully scared you away from ever visiting a publc wifi, what can you do to protect yourself?
The key is to encrpyt ALL traffic that comes from your computer (or PDA) so that even if someone “sniffs” it the can’t make any sense of it. It all looks like gibberish if it’s encrpyted. OK, so how can you do that?
Well, the answer is a VPN. A VPN is a Virtual Private Network. Well, what does that mean? It means you are making a private (i.e. secure) network between you (your laptop, PDA, iPhone, etc) and another computer(s) somewhere. There are several ways of doing this. The easy way, hard way and the compromise. The easy way costs money, the hard way is free, and the compromise is… a compromise.
I’ll start with the easy way. In my opinion it’s the best one, although it will cost you a few bucks. You can purchase a VPN service. Leo Laporte (here, here, and here) has mentioned HotSpotVPN several times although there are several other ompanies out there doing this. HotSpotVPN costs between ~$9-14 per month (depending on the security level) or you can purchase it on a daily basis if you are an infrequent user. They have you install some software and then whenever you’re in a public wifi you just run it. That simple. Once the software is running, all of your traffic is encrypted and safe. It is supposed to work through firewalls and routers (so far so good in my tests).
- Minimal setup
- Easy to run
- Bandwidth (i.e. speed) shouldn’t be limited
- Costs money
The hard way is free, but it will take some doing and technical know-how on your part.
First, find some free VPN software. OpenVPN is a good start, it is a free, open-source, and well supported. You will need a VPN server. That means when you’re out at a public wifi, you will need to connect -to- somebody. Usually, you would setup your computer at home as the VPN server and when you’re at a Starbucks you would run the software to connect to your home computer. The downside is that your internet speed would be limited to your home computer’s internet speed. If you’re running FIOS, it’s probably not a problem.
- Requires a server to connect to, which you must provide
- Because of the above, may require setup on your part to configure
- Bandwidth (i.e. speed) limited by your server connection
OK, so you don’t want to pay money (these are tough economic times folks). And you don’t have the expertise or time to setup your own VPN server, or just flat out don’t have a computer you can connect to. There is an option out there for you (there may be others). It’s called Hotspot Shield and it’s FREE. It is just as easy as HotSpotVPN I mentioned in the easy way… You just download the software and run it when you’re in a public spot. So you’re probably asking yourself “Why didn’t Harvey mention this before?”.
Well, the downside is it is ad-supported. Which means you get a toolbar in your browser and (apparently, because I have actually not used it) a banner ad on the top of each web page you visit, and a 5GB transfer limit (not sure if this is per session, per month, or what).
- Transfer limit
Other Steps YOU Can Take To Be Secure
What else can you do to keep safe in public spaces?
Run a firewall – Windows firewall is OK, but really isn’t enough. If you don’t already have a firewall with a security suite like Nortons, Macafee, etc there are several free firewalls out there including ZoneAlarm and Comodo.
Don’t log into ANYTHING if you aren’t on a secure connection via VPN or the site (like a bank) encrypts the info.
Clear you cookies and session info when you’re done. Firefox makes this easy, IE has a function for it too. Then close your browser.
Who Is At Risk?
- If you’re using wifi anywhere that isn’t secure. Public wifi spots like Starbucks, Panera, your local library, your neighbor’s unsecure wifi, your OWN unsecure wifi (shame on you), etc, etc.
- Any equipment such as a laptop, iPhone, iTouch, a PDA like a Palm device or Blackberry that has (and uses) a wifi connection.
If you’re at home and your wifi network is secured by WPA or WPA-2, then you’re OK. All network traffic is encrypted so even if someone is sniffing, all they get is gibberish. If you are using your cellular providers internet (HSPDA, 3G, EVDO, EDGE, etc) then you’re OK. All traffic is encrypted and sent to your provider first before it goes out to the internet. You just have to be sure your phone is using the mobile internet instead of wifi, usually their is an icon showing which connection you are on.
Hope that helps keep you safe. If anyone has any other options, leave them in the comments section.